[ https://issues.apache.org/jira/browse/WICKET-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16975664#comment-16975664 ]
Andrew Kondratev commented on WICKET-6703:
------------------------------------------

Thank you [~svenmeier] all this stuff looks good.

> Eliminate window.eval from wicket-ajax-jquery
> ---------------------------------------------
>
>                 Key: WICKET-6703
>                 URL: https://issues.apache.org/jira/browse/WICKET-6703
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket-core
>    Affects Versions: 8.6.1
>            Reporter: Andrew Kondratev
>            Assignee: Sven Meier
>            Priority: Major
>             Fix For: 9.0.0-M4
>
>
> It's impossible to configure wicket with strict CSP Policy without
> unsafe-eval and keep using AJAX, because most of AJAX responses contain
> evaluations and header contributions which cause window.eval to be called.
> Window eval can be replaced with DOMEval with nonce approach. DOM eval is
> available in jQuery as globalEval.
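
The nonce-based DOM eval proposed in the issue description, as an added example that is not part of the original message or of Wicket's code. The function names are hypothetical, and the page is assumed to be served with a `script-src 'nonce-...'` policy that omits `unsafe-eval`.

```javascript
// Added example: nonce-based DOM eval, the technique the issue proposes in
// place of window.eval. All function names here are hypothetical.

// Read the page's CSP nonce from a script element that already carries one.
// Browsers hide the attribute value from getAttribute(), so the `nonce`
// property is checked first and the attribute is only a fallback.
function findPageNonce(doc) {
  const scripts = doc.querySelectorAll('script[nonce]');
  for (const s of scripts) {
    const value = s.nonce || s.getAttribute('nonce');
    if (value) return value;
  }
  return null;
}

// Run `code` in global scope by inserting a <script> element that carries the
// nonce. Under `script-src 'nonce-...'` without 'unsafe-eval', the browser
// executes the element only when its nonce matches the policy.
function domEval(code, nonce, doc) {
  if (!nonce) {
    // Without a nonce a strict policy would block the script silently;
    // fail loudly instead so the caller notices.
    throw new Error('domEval: no CSP nonce available');
  }
  const script = doc.createElement('script');
  script.text = code;
  script.setAttribute('nonce', nonce);
  doc.head.appendChild(script); // inline script executes on insertion
  doc.head.removeChild(script); // leave no residue in the DOM
  return script;
}

// Evaluate a script fragment from an Ajax response without window.eval,
// reusing the nonce of the current page.
function evaluateAjaxScript(code, doc) {
  return domEval(code, findPageNonce(doc), doc);
}
```

In a browser, pass `document` as `doc`; the nonce must be the per-response value the server placed in the `Content-Security-Policy` header.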